SQL Injection Vulnerability in Oracle Application Server
CVE-2008-2589

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Server; Oracle Portal Component
Vendor: CVE Published:; 15 July 2008

What is CVE-2008-2589?

An unspecified SQL injection vulnerability exists in the Oracle Portal component of multiple versions of Oracle Application Server. This flaw may allow remote attackers to execute arbitrary SQL and PL/SQL commands by manipulating the second argument of the SHOW procedure within the WWV_RENDER_REPORT package. Such exploitation poses significant risk, as the impact and specific attack vectors remain unknown, highlighting the necessity for prompt remediation.

References

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/2115

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/archive/1/494410/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2008
Vulnerability Reserved
Jun 9, 2008